VSEC Blog: IT Security Channel News brought to you by Infinigate UK

There are many myths surrounding the creation and naming of Black Friday, that yearly American-imported shopping bonanza, which seemingly includes almost anything these days, including the dark web, where it was reported that cyber criminal gangs were selling stolen credit card details at a limited discount.

With the final months of 2018 in full swing, every vendor, marketing agency and outlet will be busy evaluating the events of the year and looking into their crystal balls in an attempt to predict the trends of 2019.

Although it was issued under the Data Protection Act 1998, the penalty recently handed out to Equifax for its catastrophic handling of a widely reported data breach in 2017 has pushed the issue of data protection and the GDPR right back under the spotlight.

If you have been following our blog for the past few weeks, you will know that we have been focusing on the well-known virtues of third-party managed IT security solutions, otherwise known as managed security services providers (MSSPs).

If you work in IT or compliance, you will be more than aware that 2018 has seen more than its fair share of new regulations and updates to industry standards. This year alone we have seen the introduction or update of:

It seems that every IT-related conversation involves some element of cloud today, from cloud-hosted email to cloud-hosted file storage and even cloud-based telephony through the use of centrally hosted VoIP services.

I am sure that we can all agree that cloud-hosted software, or SaaS (Software as a Service), is generally more cost effective, more convenient and easier to maintain. But in the back of our minds, there is always a concern about security, and whether or not submitting to the cloud means losing control.

Businesses that fail to take the steps necessary to protect their data, information and digital infrastructure are far more likely to suffer a data breach. A breach has the potential to do lasting harm and may even place the very survival of a business at risk. Organizations would do well to seek out any resources that may allow them to benefit from enhanced levels of security. A few tips are often all that may be required to ensure small businesses are able to take the appropriate precautions in order to better protect themselves and their data.

Just a mere ten years ago, the job of an IT manager was to pack his or her server room with stacks of equipment, keep them blinking happily away and then build a huge wall of defences around it to keep the cyber riff-raff out. How much simpler our lives seemed back then...

It is both curious and comical to me how certain topics surrounding the GDPR (General Data Protection Regulation) seem to generate more buzz than others, whether they are correct or not: for example, consent being the only form of lawful processing, the overriding right to be forgotten in any circumstance and the belief that all forms of outbound marketing have been confined to history.

The hospital and healthcare industry met quite a few challenges involving ransomware in the last year. Reports of malware infecting machines in medical facilities took over news channels. The reality even infiltrated popular culture when Grey’s Anatomy ran an episode where ransomware was an integral part of the storyline. We all laughed a little when the Chief of Surgery, Miranda Bailey, said she could afford 4,932 bitcoin without her knowing that the amount equated to $20 million. It became all too real for Grey-Sloan Memorial, and their example was a great depiction of what was really going on in the medical world.

The last week of June saw the release of yet another cybersecurity compliance standard aimed at the UK's public sector departments. Not content with the strain placed on departments across the country by the GDPR (General Data Protection Regulation), the NCSC (National Cyber Security Centre) has developed a five-domain standard, which all government organisations should be meeting or ideally surpassing.

Fraud is a major problem in modern-day businesses. It significantly hampers the progression of business and leads to loss of revenue. According to PriceWaterhouseCoopers’ evaluation reports, over half of all businesses today have in one way or another suffered fraud. In particular, 88 percent of companies within the United States have suffered fraud that led to subsequent declines in financial performance. This shows the detrimental effects of fraud.

Hot on the heels of the GDPR (General Data Protection Regulation), yet enforced just fifteen days before, the directive on security of network and information systems (NIS) has been created to achieve a high, common level of network and information systems security across the European Union.

Facebook has been in the news a lot lately, and the publicity hasn’t been the good kind. Reports that Cambridge Analytica – a British company that uses data mining and data analytics in providing consulting services to political campaigns – had accessed information about U.S. voters through their Facebook accounts created a firestorm. It also brought to the forefront the much broader issues of how all that “TMI” that we share on social media sites can end up in places and uses that we never intended or expected.

In the scramble of the final days leading up to the 25th of May 2018, Google crawl bots would have noticed universal updates taking place across the internet. Privacy policies for an unquantifiable number of organisations and companies were being adapted to fit the GDPR.

The 25th May 2018 has arrived and you as a data subject have been empowered with Europe's most ambitious and forward-thinking data protection regulation to date, the GDPR. As the ultimate steward of your personal data, you now have control over its use in most scenarios, making data privacy a fundamental right. But what about instances where your personal data is available publicly? Is personal data fair game once it is in the public domain?

It’s been almost a year since a zero-day ransomware attack called WannaCry infected hundreds of thousands of machines all over the world. Hackers encrypted files on infected computers and attempted to extort a ransom from their victims. Those infected with WannaCry were initially told to pay $300 in Bitcoin. The attack exploited unpatched vulnerabilities in the Windows SMB service. Microsoft knew of the potential threat months before; however, several businesses do not keep up with their patches, which made them an easy target for a WannaCry attack.

By now you have probably learned that the processing of personal data does not always require an act of consent. Whilst much of the internet is obsessing over consent, re-consent and double opt-in consent, you have correctly discovered that it is not the only way to legally process personal data.

Marketing automation solutions have come a long way in the past five years. Once used for mass emailing, they have now expanded to include an array of interactivity features such as blogs, landing pages and pop-ups, all to enrich the process of inbound marketing. But as the GDPR (General Data Protection Regulation) enforcement date looms nigh, how ready are the likes of MailChimp, and what do you need to know as their data controller?

The new year has come and gone. Now that your company’s budget is on track, it’s time to start cleaning house (or your network) with IT initiatives that will protect your business from a malware attack and organize your data.

With the GDPR (General Data Protection Regulation) getting all the headlines in the past two years, it is hard to garner any attention for anything else. Yet for good reason: the GDPR is widely focused and will, for some, challenge the way they take their offering to market. However, there have been developments, both legislative and not, in the past two years which can present opportunities for VARs (Value-Added Resellers) and solution providers alike.

The war between security experts charged with the responsibility of protecting information and cyber-criminals who threaten to compromise the integrity of data for different entities has become a cat and mouse game.

Like many an industry trend before, MSSP (Managed Security Service Provider) appears to be trending among IT teams and security practitioners alike; embracing the cloud and hosting technologies to relieve the burden of ownership and maintenance, retain security practices and benefit from subscription models of service.

Unfortunately, insecure passwords are not a thing of the past. As companies continue to grow, employees will use more and more applications that require a passcode. It’s time you enforce a new strategy to improve the security of your network.
